[FFmpeg-trac] #8222(avfilter:closed): A potential Use-After-Free bug

FFmpeg trac at avcodec.org
Mon Oct 7 12:03:48 EEST 2019


#8222: A potential Use-After-Free bug
------------------------------------+------------------------------------
             Reporter:  wurongxin   |                    Owner:
                 Type:  defect      |                   Status:  closed
             Priority:  normal      |                Component:  avfilter
              Version:  git-master  |               Resolution:  invalid
             Keywords:              |               Blocked By:
             Blocking:              |  Reproduced by developer:  0
Analyzed by developer:  0           |
------------------------------------+------------------------------------

Comment (by wurongxin):

 Replying to [comment:1 richardpl]:
 > last_expr is never freed.
 > Also valgrind shows nothing.

 It is possible that last_expr points to the same memory location as arg
 (see Line 138).  When the loop at Lines 130--140 is executed only once,
 last_expr will still point to arg. Since arg can be the same memory
 location as args, when args is freed (Line 142), last_expr can be freed. Can
 you double check this?

--
Ticket URL: <https://trac.ffmpeg.org/ticket/8222#comment:2>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
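
The aliasing pattern discussed in the comment above, as an added example that is not part of the original message and is not FFmpeg's code: a pointer to the last token of a buffer split in place lies inside that buffer (and equals its start when there is only one token), so it must be copied before the buffer is freed. All function names and the '|' separator are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns 1 if p points inside the heap block [buf, buf + len). */
static int aliases_block(const char *p, const char *buf, size_t len)
{
    uintptr_t a = (uintptr_t)p, b = (uintptr_t)buf;
    return a >= b && a < b + len;
}

/* Splits a '|'-separated list in place and returns the last token.
 * The result points INTO buf; with a single token it equals buf. */
static char *last_token(char *buf)
{
    char *last = buf, *sep;
    while ((sep = strchr(last, '|')) != NULL) {
        *sep = '\0';
        last = sep + 1;
    }
    return last;
}

/* Hardened form: hands back an owned copy of the last token, made
 * before the working buffer is freed. *was_alias reports whether the
 * token pointer lay inside the buffer, i.e. would have dangled. */
char *last_expr_owned(const char *input, int *was_alias)
{
    size_t len = strlen(input) + 1;
    char *args = malloc(len);
    if (!args)
        return NULL;
    memcpy(args, input, len);

    char *last = last_token(args);
    *was_alias = aliases_block(last, args, len);

    size_t n = strlen(last) + 1;
    char *owned = malloc(n);          /* copy BEFORE free(args) */
    if (owned)
        memcpy(owned, last, n);
    free(args);                       /* 'last' is dangling from here on */
    return owned;
}

int main(void)
{
    int alias = 0;
    char *e = last_expr_owned("t*2", &alias);   /* constructed sample input */
    printf("alias=%d expr=%s\n", alias, e ? e : "(null)");
    free(e);
    return 0;
}
```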